Blocking certain terrorism/porn sites and DNS

Hi,

I have a doubt which I am sure a lot of people in this list would be
able to help me with.

There was news that terror groups like Al Qaida, etc. are using
internet to promote their terror links and these web sites provide
online training on how one could assemble bombs, etc.

The community as a whole wants to close all such web sites. I don't
think there is any ambiguity there.

My question is why can't we ban websites like, say, alqaida.com
(hypothetical name), etc. from the whois database.

As far as I understand if there is a website with the name of
www.abc.com then it needs to register itself with the whois database
(from network solutions) so that all the queries to this website can
be forwarded to the corresponding nameserver. Now, if we want to block
abc.com permanently then can't we simply remove this URL entry from the
whois database?

Will this work?

Thanks,
Abhishek

It would stop them using whichever hostnames you banned but do you really
think this would stop them using the internet.

Terrorist1: Mmmm seems the internet community have put a stop to us using
www.bombsrus.com
Terrorist2: Ok right lets give up and strive for world peace instead.

I don't think so :)

More likely they will (and already are) hiding behind very non terror
sounding names, not a lot we can do about that really.

Brett..

Will this work?

It would stop them using whichever hostnames you banned but do you really
think this would stop them using the internet.

No, that wasn't my point. I just wanted to make sure that my
understanding of banning a hostname was indeed correct. We can this
way at least block all websites with *alqaida* domain names.

I wanted to know if the arguments of "freedom of speech" etc. apply to
the Internet also, wherein somebody could argue that no central
authority can stop somebody from expressing their thoughts, etc.

Terrorist1: Mmmm seems the internet community have put a stop to us using
www.bombsrus.com
Terrorist2: Ok right lets give up and strive for world peace instead.

I don't think so :)

Even I don't think so! :)

The EFF on line 1, for you

The community as a whole wants to close all such web sites. I don't
think there is any ambiguity there.

I disagree. There absolutely IS some ambiguity there,
the community as a whole does not want to "close all such web sites".

It was bad enough back in the '90s when Internic refused to accept
registration of certain four letter words. DNS is not a proper venue
for censoring ideas.

No, that wasn't my point. I just wanted to make sure that my
understanding of banning a hostname was indeed correct. We can this
way at least block all websites with *alqaida* domain names.

I wanted to know if the arguments of "freedom of speech" etc. apply to
the Internet also, wherein somebody could argue that no central
authority can stop somebody from expressing their thoughts, etc.

Within the USA, arguments of "freedom of speech" DO apply.

Somebody can and should argue that no central authority
is entitled to stop somebody from expressing their thoughts.

IMHO, it is not the purpose of network operators to make value
judgments regarding the packets that we transport.

Why not just bring back the "evil bit" as a serious proposal?

Kevin Kadow

Why not just bring back the "evil bit" as a serious proposal?

*waves his cluebat around* ummm..... no.

If we, is the US department of commerce, the answer is probably yes.

The only operational significance is that there is no easy way of
estimating in advance the effect of removing valid DNS information from the
system, unless you are the administrator of the system concerned (and even
then mistakes happen - not when I do it of course<cough>).

i.e. It may be that a nameserver called "ns1.example.com" supports domains in
a completely different TLD, like "example.co.uk", which belongs to an
important organisation or service.

That said spammers routinely have domains, and nameservers, removed with very
little if any damage to legitimate Internet users.

The real question is should we, words don't kill people, people kill people.

If we, is the US department of commerce, the answer is probably yes.

The only operational significance is that there is no easy way of
estimating in advance the effect of removing valid DNS information from the
system, unless you are the administrator of the system concerned (and even
then mistakes happen - not when I do it of course<cough>).

i.e. It may be that a nameserver called "ns1.example.com" supports domains in
a completely different TLD, like "example.co.uk", which belongs to an
important organisation or service.

Okay, so I am not talking about blocking or removing a name server. I
am talking of removing that offending entry (like www.abc.com) from
the whois database or wherever the central database is maintained.

That said spammers routinely have domains, and nameservers, removed with very
little if any damage to legitimate Internet users.

The real question is should we, words don't kill people, people kill people.

Definitely!

It was bad enough back in the '90s when Internic refused to accept
registration of certain four letter words. DNS is not a proper venue
for censoring ideas.

Again, I am not discussing "censoring ideas". I want to know if it's
indeed "technically" possible and feasible to block a website URL from
being accessed.

Okay, so I am not talking about blocking or removing a name server. I
am talking of removing that offending entry (like www.abc.com) from
the whois database or wherever the central database is maintained.

on the global internet, i doubt there is anything that does not
offend someone.

randy

Yeps, a sys admin could do that. Sure. But we don't want others also to
see that website. Is it possible by deleting that entry from the
whois database is my question.

No - not without some high level intervention at the registry and seeing as
they are in the US under US law, it's not very likely to happen (freedom of
speech/press, etc.). You could also set the firewall policy company wide at
the network distribution point (where the Internet comes into the facility
from the outside). But, that's censorship which I don't support except in
rare cases.

-- Jonathan

It was bad enough back in the '90s when Internic refused to accept
registration of certain four letter words. DNS is not a proper venue
for censoring ideas.<<

and the end result is a monopoly http://datapimp.com/

Geo.

George Roettger
Netlink Services

Again, I am not discussing "censoring ideas". I want to know if it's
indeed "technically" possible and feasible to block a website URL from
being accessed.<<

Technically, easy enough to test, open your hosts file and do an entry like

127.0.0.1 www.abc.com

it should block it just as if the root servers blocked it and you can test
to see if this is "feasible" all you like without actually affecting anyone
else.

The problem with feasibility is that not all of us consider peril sensitive
sunglasses to be a solution.

Geo.

George Roettger
Netlink Services

Again, I am not discussing "censoring ideas".

then why did you use emotionally loaded words such as "terrorist?"

randy

coz I assumed that everyone wants to block such sites.

sorry if I hurt some feelings.

apologies,
abhishek

Who's going to judge whether it is good or bad?
There are a lot of different points of view, and we couldn't know whether it is good or bad until the website is launched.
I don't think this will resolve anything for anti-terrorism.
Terrorism is judged from the government's viewpoint, and they have the power to order an ISP to stop the site
when they need to.
This is not a technical issue at all.
A terrorist may be a hero for another country, and there is no way to make this a global practice.

Some countries may have a different meaning for AlQaida in their language or local customs, for example.

Even if this is enforced, people can host the site under hotmail.com or some public web hosting site.
So do we want to kill the domain because of one user's activities?

I'm not saying that terrorist activities are acceptable, but this should be done by local government law and follow
legitimate procedure, not by technical/operational practice.

I'm sure any registry can remove the domain if there is a reasonable request through its internal procedure, local government law or a court order.

Abhishek Verma wrote:

There are actually perfectly valid reasons for not blocking such sites, even
if you feel (as I do) that jihadis are the enemies of civilization.

Many of these sites are used to transmit data concerning terrorist attacks
or for recruitment, etc. Some include forums where supporters can post
messages. It's a safe bet to assume that various law enforcement bodies may
monitor such sites.

If you block them at the DNS level, they will simply move elsewhere.
Logically, it will take longer for law enforcement to catch up than it will
for the bad guys to start using another domain name. That's a bad thing.

So, to answer your original question: yes, it is entirely possible, from a
technical point of view*. If you were going to block a web site, using DNS
is probably the best way to ensure there is minimal "collateral damage" -
blocking via IP address will result in other sites getting blocked due to
virtual hosting (using a single IP address for many web sites). However,
there are legal, ethical, and law enforcement reasons why such action may
not always be wise.

Discussing any sort of blocking will always arouse passions. Talking about
blocking port 445 to stop an (alleged) worm infestation seems to get
people's undergarments in a knot. For good or ill, the Internet was built as
an open network and seems to work best that way. That ideal has been
transmitted to most of those who currently toil away to keep it running and
to improve it.

Don't be afraid to keep asking questions, Abhishek. Just remember that the
inmates of this particular asylum get testy now and again :)

Thanks,
Daniel Golding

(*There are additional questions on where you should do this blocking.
That's an entirely separate can of worms)
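
The collateral-damage points raised in this thread (many sites sharing one IP address through virtual hosting, and a nameserver name in one domain serving domains in another TLD) can be estimated before acting. The sketch below is an added example, not part of any poster's message; all hostnames, addresses and delegations are constructed sample data, and it assumes resolvers have no cached or out-of-band address for the removed nameserver names.

```python
# Constructed sample data, not taken from the thread.
HOSTS = {                      # hostname -> web server IP
    "www.abc.com": "192.0.2.10",
    "shop.example.net": "192.0.2.10",    # same IP: name-based virtual hosting
    "blog.example.org": "192.0.2.10",
    "www.example.co.uk": "198.51.100.7",
}
DELEGATIONS = {                # registered domain -> its nameserver names
    "abc.com": ["ns1.abc.com", "ns2.abc.com"],
    "example.co.uk": ["ns1.abc.com", "ns2.abc.com"],   # depends on another TLD
    "example.net": ["ns1.example.net", "ns1.abc.com"],
    "example.org": ["ns1.example.org"],
}

def under(name, domain):
    """True if name is the domain itself or a label-aligned subdomain of it."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def ip_block_impact(target_host):
    """Hostnames that become unreachable if the target's IP address is filtered."""
    ip = HOSTS[target_host]
    return sorted(h for h, addr in HOSTS.items() if addr == ip)

def delegation_removal_impact(domain):
    """Effect of deleting one domain's delegation from its registry."""
    lost_hosts = sorted(h for h in HOSTS if under(h, domain))
    broken, degraded = [], []
    for other, servers in DELEGATIONS.items():
        if under(other, domain):
            continue                  # the removed domain itself
        dead = [ns for ns in servers if under(ns, domain)]
        if dead and len(dead) == len(servers):
            broken.append(other)      # every nameserver name is now unresolvable
        elif dead:
            degraded.append(other)    # still resolves, with less redundancy
    return {"hosts": lost_hosts, "broken": sorted(broken),
            "degraded": sorted(degraded)}

if __name__ == "__main__":
    print("IP filter:", ip_block_impact("www.abc.com"))
    print("Delegation removal:", delegation_removal_impact("abc.com"))
```

With this sample data the IP filter takes out three hostnames to reach one, while removing the delegation hits only the target's own hostname but leaves an unrelated .co.uk domain with no resolvable nameservers.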

I believe you've mispelt "Al Q'aeda".

You see the problem.

Cheers,
-- jr 'PDFTT' a

you seem to have a couple of ideas co-mingled.
  ) whois == dns ... there is zero technical requirement for
    whois to exist. removing or blocking entries in your whois
    of choice is trivial and painless.
  ) URLs map to IP addresses. ... you can or your ISP can
    filter based on IP address pretty easily. Your only task here
    is to keep up with the DNS changes that move the URL to new
    IP space.
  ) there is NO centralized system here. there are hundreds of
    whois systems in place and the DNS is structured so that
    responsibility is delegated... there would have to be worldwide
    agreement on not only what should be filtered but how. And
    that (worldwide agreement) is going to be hard to bring to pass.
    So just because the VSGN whois does not have the entry, does
    not mean that the IN whois does not have it either. Or because
    VSNL blocks IP packets to certain prefixes does not mean they are
    not routed elsewhere in the Internet.
--bill

* Abhishek Verma:

There was news that terror groups like Al Qaida, etc. are using
internet to promote their terror links and these web sites provide
online training on how one could assemble bombs, etc.

If I were interested in instructions for assembling bombs, I'd look
for U.S. militia sites, which happen to be protected by the First
Amendment.

The community as a whole wants to close all such web sites. I don't
think there is any ambiguity there.

Some U.S. Americans value their free speech rights, so the agreement
is certainly not universal.

If I'm not mistaken, the U.S. are quite lenient on their own lunatic
fringe, especially if they wave the proper flags.

As far as I understand if there is a website with the name of
www.abc.com then it needs to register itself with the whois database
(from network solutions)

The central WHOIS database for .COM and .NET is NOT run by Network
Solutions. Verisign (or the U.S. government) can only exercise
control over most ccTLDs in a very disruptive way, which is unlikely
to have a long-lasting effect if the ccTLD in question has any
commercial value (unlike .iq, for example).

so that all the queries to this website can be forwarded to the
corresponding nameserver.

I think you are interested in DNS, not WHOIS. WHOIS is mostly
irrelevant in this discussion (except if you want to shut down sites
quickly, see the recent thread on this list).

Now, if we want to block abc.com permanently then can't we simply
remove this URL entry from the whois database?

The WHOIS database does not store URLs in the way you think it does.

The U.S. administration cannot police the entire DNS name space. For
example, I can add new domain names under enyo.de, and no one will
know or can do anything about it (except maybe my brother and some
people who have access to a special WHOIS server).

Another example: There are many alleged child porn sites with host
names ending in .ru. The U.S. government could ask IANA/Verisign to
remove the delegation of .ru from the root name servers, but it's
likely that those who must access Russian sites (or whose
customers request it) simply resurrect the delegation locally, or use
some alternative set of DNS root servers. (Direct action against .RU
sites is often infeasible, I'm told.)